From patchwork Fri Aug 20 22:49:58 2021
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 12450531
Date: Fri, 20 Aug 2021 15:49:58 -0700
In-Reply-To: <20210820225002.310652-1-seanjc@google.com>
Message-Id: <20210820225002.310652-2-seanjc@google.com>
References: <20210820225002.310652-1-seanjc@google.com>
Subject: [PATCH v2 1/5] KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest
From: Sean Christopherson
To: Russell King, Catalin Marinas, Will Deacon, Guo Ren, Thomas Bogendoerfer, Michael Ellerman, Heiko Carstens, Vasily Gorbik, Christian Borntraeger, Steven Rostedt, Ingo Molnar, Oleg Nesterov, Thomas Gleixner, Peter Zijlstra, Andy Lutomirski, Mathieu Desnoyers, "Paul E. McKenney", Boqun Feng, Paolo Bonzini, Shuah Khan
Cc: Benjamin Herrenschmidt, Paul Mackerras, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-csky@vger.kernel.org, linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org, Peter Foley, Shakeel Butt, Sean Christopherson, Ben Gardon

Invoke rseq's NOTIFY_RESUME handler when processing the flag prior to transferring to a KVM guest, which is roughly equivalent to an exit to userspace and processes many of the same pending actions. While the task cannot be in an rseq critical section as the KVM path is reachable only via ioctl(KVM_RUN), the side effects that apply to rseq outside of a critical section still apply, e.g. the current CPU needs to be updated if the task is migrated. Clearing TIF_NOTIFY_RESUME without informing rseq can lead to segfaults and other badness in userspace VMMs that use rseq in combination with KVM, e.g. due to the CPU ID being stale after task migration.
Fixes: 72c3c0fe54a3 ("x86/kvm: Use generic xfer to guest work function") Reported-by: Peter Foley Bisected-by: Doug Evans Cc: Shakeel Butt Cc: Thomas Gleixner Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson Acked-by: Mathieu Desnoyers --- kernel/entry/kvm.c | 4 +++- kernel/rseq.c | 14 +++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/kernel/entry/kvm.c b/kernel/entry/kvm.c index 49972ee99aff..049fd06b4c3d 100644 --- a/kernel/entry/kvm.c +++ b/kernel/entry/kvm.c @@ -19,8 +19,10 @@ static int xfer_to_guest_mode_work(struct kvm_vcpu *vcpu, unsigned long ti_work) if (ti_work & _TIF_NEED_RESCHED) schedule(); - if (ti_work & _TIF_NOTIFY_RESUME) + if (ti_work & _TIF_NOTIFY_RESUME) { tracehook_notify_resume(NULL); + rseq_handle_notify_resume(NULL, NULL); + } ret = arch_xfer_to_guest_mode_handle_work(vcpu, ti_work); if (ret) diff --git a/kernel/rseq.c b/kernel/rseq.c index 35f7bd0fced0..6d45ac3dae7f 100644 --- a/kernel/rseq.c +++ b/kernel/rseq.c @@ -282,9 +282,17 @@ void __rseq_handle_notify_resume(struct ksignal *ksig, struct pt_regs *regs) if (unlikely(t->flags & PF_EXITING)) return; - ret = rseq_ip_fixup(regs); - if (unlikely(ret < 0)) - goto error; + + /* + * regs is NULL if and only if the caller is in a syscall path. Skip + * fixup and leave rseq_cs as is so that rseq_sycall() will detect and + * kill a misbehaving userspace on debug kernels. + */ + if (regs) { + ret = rseq_ip_fixup(regs); + if (unlikely(ret < 0)) + goto error; + } if (unlikely(rseq_update_cpu_id(t))) goto error; return;
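Review bot: the new rseq_handle_notify_resume(NULL, NULL) call in xfer_to_guest_mode_work() (kernel/entry/kvm.c hunk) is only safe because the kernel/rseq.c hunk in the same patch skips rseq_ip_fixup() when regs is NULL; applied on its own, this hunk would hand a NULL regs to rseq_ip_fixup(). Since the patch is Cc: stable, a one-line comment at the call site, e.g. `/* regs == NULL: syscall path, skip IP fixup, only refresh the CPU ID */`, would stop a partial backport or a future caller from reintroducing that NULL dereference, and would tie the call back to the commit message's argument that a task reaching KVM_RUN via ioctl cannot be inside a critical section.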
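Review bot: typo in the new comment in __rseq_handle_notify_resume() (kernel/rseq.c hunk): `rseq_sycall()` should read `rseq_syscall()`. The comment also only spells out the debug-kernel case; one more sentence saying that on other kernels a non-NULL rseq_cs is simply left in place and only rseq_update_cpu_id() runs on the regs == NULL path would make the contract for future NULL-regs callers explicit, since "regs is NULL if and only if the caller is in a syscall path" is a promise the callers must keep rather than something this function can verify.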
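The failure mode in the commit message is a user-space thread whose rseq `cpu_id` no longer matches the CPU the kernel has it on. The program below is an added example, not part of this patch or of the kernel's rseq selftests: it registers (or, on glibc 2.35 and later, locates glibc's own) rseq area, forces migrations through a pinning syscall, and applies the check a VMM would run right after ioctl(KVM_RUN) returns. Assumptions: the 32-byte `struct rseq_abi` mirrors the original kernel `struct rseq` layout; `RSEQ_SIG` is an arbitrary signature value; the thread-pointer reads are inline assembly for x86_64 and aarch64 only; glibc's `__rseq_offset`/`__rseq_size` are used when present; and `sched_setaffinity()` stands in for KVM_RUN as the migrating syscall, since no VM is involved. `constructed_stale` is a made-up area used only to demonstrate the check offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define RSEQ_SIG      0x53053053u       /* arbitrary registration signature (assumption) */
#define MASK_BYTES    1024              /* room for 8192 CPUs in an affinity mask */
#define BITS_PER_LONG (8 * sizeof(unsigned long))

/* Stand-in for the first 32 bytes of the kernel's struct rseq ABI (assumption). */
struct rseq_abi {
	uint32_t cpu_id_start;
	uint32_t cpu_id;
	uint64_t rseq_cs;
	uint32_t flags;
} __attribute__((aligned(32)));

/* glibc >= 2.35 registers rseq itself and exports these; weak so older glibc still links. */
extern const ptrdiff_t __rseq_offset __attribute__((weak));
extern const unsigned int __rseq_size __attribute__((weak));

/* Constructed sample: a thread that was last told it runs on CPU 7. */
static const struct rseq_abi constructed_stale = { .cpu_id_start = 7, .cpu_id = 7 };

static void *thread_pointer(void)
{
#if defined(__x86_64__)
	void *tp;
	__asm__("movq %%fs:0, %0" : "=r"(tp));   /* TCB self-pointer == thread pointer */
	return tp;
#elif defined(__aarch64__)
	void *tp;
	__asm__("mrs %0, tpidr_el0" : "=r"(tp));
	return tp;
#else
	return NULL;
#endif
}

/* This thread's rseq area, or NULL if rseq is unavailable (old kernel, seccomp, other arch). */
static struct rseq_abi *rseq_area(void)
{
	static __thread struct rseq_abi area;
	static __thread int registered;

	if (&__rseq_size && __rseq_size >= 2 * sizeof(uint32_t)) {
		char *tp = thread_pointer();
		return tp ? (struct rseq_abi *)(tp + __rseq_offset) : NULL;
	}
#ifdef __NR_rseq
	if (registered)
		return &area;
	if (syscall(__NR_rseq, &area, (uint32_t)sizeof(area), 0, RSEQ_SIG) == 0) {
		registered = 1;
		return &area;
	}
#endif
	return NULL;
}

/* The check a VMM would run after ioctl(KVM_RUN) returns: 1 if rseq's cpu_id
 * disagrees with the CPU the kernel reports, 0 if they agree. */
int cpu_id_is_stale(const struct rseq_abi *r, unsigned int kernel_cpu)
{
	return r->cpu_id != kernel_cpu;
}

static int cpu_allowed(const unsigned long *mask, unsigned int cpu)
{
	return (mask[cpu / BITS_PER_LONG] >> (cpu % BITS_PER_LONG)) & 1;
}

/* Bounce the thread across every allowed CPU via raw sched_setaffinity(), which
 * returns to user space through NOTIFY_RESUME processing, and count stale
 * cpu_id observations. Returns -1 when rseq or affinity is unavailable. */
int migrate_and_check(int rounds)
{
	unsigned long allowed[MASK_BYTES / sizeof(unsigned long)];
	struct rseq_abi *r = rseq_area();
	int stale = 0;

	memset(allowed, 0, sizeof(allowed));   /* kernel only writes cpumask_size() bytes */
	if (!r || syscall(SYS_sched_getaffinity, 0, sizeof(allowed), allowed) < 0)
		return -1;

	for (int i = 0; i < rounds; i++) {
		for (unsigned int cpu = 0; cpu < MASK_BYTES * 8; cpu++) {
			unsigned long one[MASK_BYTES / sizeof(unsigned long)] = { 0 };
			unsigned int kcpu;

			if (!cpu_allowed(allowed, cpu))
				continue;
			one[cpu / BITS_PER_LONG] = 1UL << (cpu % BITS_PER_LONG);
			/* Pin to exactly one CPU so no further migration can race the two reads below. */
			if (syscall(SYS_sched_setaffinity, 0, sizeof(one), one) < 0)
				continue;                    /* CPU went offline or not permitted */
			if (syscall(SYS_getcpu, &kcpu, NULL, NULL) < 0)
				return -1;
			stale += cpu_id_is_stale(r, kcpu);
		}
	}
	syscall(SYS_sched_setaffinity, 0, sizeof(allowed), allowed);   /* restore mask */
	return stale;
}

int main(void)
{
	int stale = migrate_and_check(3);

	if (stale < 0) {
		puts("rseq unavailable on this kernel/arch");
		return 77;
	}
	printf("%d stale cpu_id observations\n", stale);
	return stale ? 1 : 0;
}
```

Build with `cc -O2 -o rseq_check rseq_check.c` and run it on the target kernel. A VMM would call `cpu_id_is_stale()` with the value from `getcpu(2)` immediately after `ioctl(KVM_RUN)` returns; a non-zero result there is the symptom this patch removes. Note the caveat: without this patch only the KVM_RUN path skipped the rseq update, so a clean run of this program, which migrates through sched_setaffinity(), does not by itself prove the fix is present on the kernel under test.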